Information on whether I'm infected

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by gringo » 03/06/08 21:05

Hi, yesterday the antivirus blocked a trojan virus, which I deleted right away, but since yesterday the computer has been running badly. Could you analyze the "hijackthis" log attached here, and if I'm infected could you guide me, because I have little experience. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.47.07, on 03/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\444.471
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Salvatore\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cc809c1b] rundll32.exe "C:\WINDOWS\system32\ydxpwyqo.dll",b
O4 - HKLM\..\Run: [BMcfb3af87] Rundll32.exe "C:\WINDOWS\system32\hqoswuun.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB7121E9-D23D-4103-8165-9B93874914C4}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: netpker - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 7780 bytes
gringo
Senior User
Posts: 139
Joined: 08/09/06 21:12
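A triage pass over lines shaped like the ones in this log, as an added example that is not part of the thread and not HijackThis code. It flags the kinds of entries a reviewer looks at first: Run values with hex-looking names that load a randomly named DLL through rundll32, services with no vendor, a missing binary, or a binary sitting directly in C:\WINDOWS, and processes running from the Windows root under a non-standard name. The regular expressions, the small allow-list and the sample lines are assumptions constructed from the shape of the log above; the output is a review queue, not a verdict.

```python
"""Triage of HijackThis v2 log lines for the indicators discussed in this thread.

Added example for this page; it is not part of HijackThis, ComboFix or the
forum post. Heuristics and the sample lines below are constructed for
illustration from the shape of the log posted above.
"""
import re

# O4 autorun entries: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23 services: "O23 - Service: <description> - <vendor> - <binary path>"
O23_RE = re.compile(r'^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
# rundll32 launching a DLL, with or without quotes around the path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Value names such as "cc809c1b" or "BMcfb3af87": eight hex digits, optional BM prefix
HEX_NAME_RE = re.compile(r'^(BM)?[0-9a-f]{8}$')
# DLL basenames such as "ydxpwyqo.dll": exactly eight lowercase letters
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')
# Anything living directly in C:\WINDOWS rather than in a subdirectory
WINROOT_RE = re.compile(r'^C:\\WINDOWS\\[^\\]+$', re.IGNORECASE)
# Binaries that legitimately live in the Windows root on XP (assumed, not exhaustive)
WINROOT_ALLOWED = {'explorer.exe', 'notepad.exe', 'regedit.exe', 'hh.exe'}

# Constructed sample in the shape of the posted log (process list, O4 and O23 lines).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\444.471
C:\Programmi\Eset\nod32krn.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [cc809c1b] rundll32.exe "C:\WINDOWS\system32\ydxpwyqo.dll",b
O4 - HKLM\..\Run: [BMcfb3af87] Rundll32.exe "C:\WINDOWS\system32\hqoswuun.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: netpker - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
"""


def _check_o4(m):
    reasons = []
    if HEX_NAME_RE.match(m['name']):
        reasons.append('autorun value name is a random hex string')
    d = RUNDLL_RE.search(m['cmd'])
    if d and RANDOM_DLL_RE.match(d['dll'].rsplit('\\', 1)[-1]):
        reasons.append('rundll32 loads a DLL with a random eight-letter name')
    return reasons


def _check_o23(m):
    reasons = []
    if m['owner'] == 'Unknown owner':
        reasons.append('service carries no vendor information')
    if '(file missing)' in m['path']:
        reasons.append('service binary no longer exists (leftover of a partial removal)')
    if WINROOT_RE.match(m['path'].replace(' (file missing)', '')):
        reasons.append('service binary sits directly in C:\\WINDOWS, not system32')
    return reasons


def _check_process(path):
    name = path.rsplit('\\', 1)[-1].lower()
    if WINROOT_RE.match(path) and name not in WINROOT_ALLOWED:
        return ['process runs from the C:\\WINDOWS root under a non-standard name']
    return []


def triage_hijackthis(log_text):
    """Return a list of {'line', 'reasons'} for every line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            reasons = _check_o4(m)
        elif (m := O23_RE.match(line)):
            reasons = _check_o23(m)
        elif line.lower().startswith('c:\\'):
            reasons = _check_process(line)
        else:
            reasons = []
        if reasons:
            findings.append({'line': line, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f['line'])
        for r in f['reasons']:
            print('   -', r)
```

Run against the sample it reports five lines: the two hex-named Run values, the bare `C:\WINDOWS\444.471` process, and the two orphaned services; the ESET, ATI, Explorer and CTFMON entries pass through untouched. The allow-list and the eight-letter rule are deliberately narrow so that a reviewer sees few false positives; anything they miss still has to be read by hand.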


Re: Information on whether I'm infected

Post by Luke57 » 04/06/08 07:43

Hi, download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet

Run the ComboFix.exe file
Type 1 to start the tool (don't do anything else during the scan; if the desktop icons disappear, that's normal)
Follow the instructions and at the end a log will be generated.
Reconnect and post the report (C:\combofix.txt)
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: Information on whether I'm infected

Post by gringo » 04/06/08 08:21

ComboFix 08-06-03.1 - Salvatore 2008-06-04 9.04.29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.519 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Salvatore\Documenti\Progammi scaricati\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMcfb3af87.xml
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bJjkknpo.ini
C:\WINDOWS\system32\bJjkknpo.ini2
C:\WINDOWS\system32\cskhuhrd.ini
C:\WINDOWS\system32\hxireimj.ini
C:\WINDOWS\system32\jmierixh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkrojrmf.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\OnqXHkkj.ini
C:\WINDOWS\system32\OnqXHkkj.ini2
C:\WINDOWS\system32\opnkkjJb.dll
C:\WINDOWS\system32\oqywpxdy.ini
C:\WINDOWS\system32\trndvtxy.dll
C:\WINDOWS\system32\vGMUwyxx.ini
C:\WINDOWS\system32\vGMUwyxx.ini2
C:\WINDOWS\system32\yayXnOGy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Creati Da 2008-05-04 al 2008-06-04 )))))))))))))))))))))))))))))))))))
.

2008-06-04 07:19 . 2008-06-04 07:19 <DIR> d-------- C:\Programmi\Lavasoft
2008-06-04 07:19 . 2008-06-04 07:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-04 06:52 . 2008-06-04 08:13 <DIR> d-------- C:\WINDOWS\system32\2830
2008-06-04 06:52 . 2008-06-04 06:52 55,808 --a------ C:\WINDOWS\portsv.exe
2008-06-02 22:44 . 2008-06-02 22:48 <DIR> d-------- C:\Documents and Settings\Salvatore\Dati applicazioni\uTorrent
2008-06-02 22:43 . 2008-06-02 22:44 <DIR> d-------- C:\Programmi\uTorrent
2008-06-02 22:43 . 2008-06-02 22:43 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-06-02 22:43 . 2008-06-02 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-06-02 22:43 . 2008-06-02 22:43 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-02 22:23 . 2008-06-02 22:23 <DIR> d-------- C:\Programmi\Yahoo!
2008-06-01 07:52 . 2008-06-01 07:52 <DIR> d-------- C:\Programmi\Fox
2008-05-23 16:30 . 2007-09-17 13:08 22,486 -rahs---- C:\WINDOWS\unins000.ico
2008-05-18 08:59 . 2008-05-23 15:43 <DIR> d-------- C:\Programmi\Windows Desktop Search
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-16 10:01 . 2008-05-16 10:01 <DIR> d-------- C:\Documents and Settings\Salvatore\Dati applicazioni\Sierra Entertainment
2008-05-15 22:45 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-15 22:45 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-15 22:45 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-15 22:45 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-15 14:40 . 2008-05-16 06:06 <DIR> d-------- C:\Programmi\Google
2008-05-11 12:53 . 2008-05-23 15:51 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-05-09 22:58 . 2008-05-09 22:58 <DIR> d-------- C:\Programmi\CCleaner
2008-05-07 21:30 . 2008-05-07 21:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 21:27 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\003022_.tmp
2008-05-07 19:09 . 2008-05-07 21:22 <DIR> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 07:08 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\VMware
2008-06-04 07:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VMware
2008-06-04 06:11 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-06-04 06:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-04 05:18 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-06-03 16:55 --------- d-----w C:\Programmi\eMule
2008-06-02 20:46 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Azureus
2008-06-02 15:36 --------- d-----w C:\Programmi\PopCap Games
2008-06-02 05:15 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-31 05:25 --------- d-----w C:\Programmi\DivX
2008-05-25 21:10 --------- d-----w C:\Programmi\TuneUp Utilities 2008
2008-05-15 01:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-13 12:22 --------- d-----w C:\Programmi\Alawar
2008-05-12 14:11 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-11 05:47 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Winamp
2008-05-02 05:41 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\dvdcss
2008-05-01 09:52 --------- d-----w C:\Programmi\Microsoft Games
2008-04-29 19:10 --------- d-----w C:\Programmi\Azureus
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-25 14:29 --------- d-----w C:\Programmi\Sierra On-Line
2008-04-19 06:24 --------- d--h--w C:\Programmi\FX Uninstall Information
2008-04-18 11:58 --------- d-----w C:\Programmi\Winamp
2008-04-17 05:51 --------- d-----w C:\Programmi\BoontyGames
2008-04-17 05:49 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-04-17 05:49 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-04-17 05:49 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2008-04-17 05:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Macrovision
2008-04-16 10:02 --------- d-----w C:\Programmi\Opera
2008-04-15 06:57 --------- d-----w C:\Programmi\Bud Redhead
2008-04-14 21:24 --------- d-----w C:\Programmi\Auslogics
2008-04-14 21:24 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Auslogics
2008-04-13 17:13 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-13 16:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 16:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 16:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 16:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 16:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 16:54 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 16:53 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-13 16:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 16:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 16:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 16:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:51 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:50 25,728 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:49 58,368 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:49 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:49 273,664 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:48 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:48 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:48 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:48 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:48 327,168 ----a-w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 16:47 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:47 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:47 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 09:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 09:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 09:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 09:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 09:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 09:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 09:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 09:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 09:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 09:56 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 09:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 09:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 09:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 09:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74D8B2E2-1EE2-4EA5-9CCE-55753F14CD62}]
C:\WINDOWS\system32\jkkHXqnO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SpeedTouch USB Diagnostics"="C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 07:59 878080]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-19 20:16 949376]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-12 23:48 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:14]
R3 Ltn_stk7070P;PCTV based TV tuner device;C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
R3 Ltn_stkrc;PCTV Infrared Receiver;C:\WINDOWS\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]
S2 netpker;netpker;C:\WINDOWS\svchost.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-01 23:55]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1039b716-e04d-11dc-9bad-0090d0d21e99}]
\Shell\AutoRun\command - K:\mystv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c68b7c2-feee-11dc-ae23-0090d0d21e99}]
\Shell\AutoRun\command - L:\setupSNK.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-04 07:16:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 09:09:11
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\ESET\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-04 9:16:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 07:16:20

12 Directory 219,265,441,792 byte disponibili
17 Directory 219,538,354,176 byte disponibili

263 --- E O F --- 2008-05-23 13:52:00
gringo
Senior User
Posts: 139
Joined: 08/09/06 21:12

Re: Information on whether I'm infected

Post by Luke57 » 04/06/08 09:12

Hi, now copy this code

Code:
File::
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\003022_.tmp
C:\WINDOWS\system32\jkkHXqnO.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74D8B2E2-1EE2-4EA5-9CCE-55753F14CD62}]


then open a text file (start > run > type notepad.exe in the box > OK), paste the code into it, save the text file with the mandatory name CFScript.txt, and drag it with the mouse pointer onto the ComboFix icon for a new scan, with a reboot if needed.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
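The step the moderator performs here, reading the ComboFix log and writing a CFScript in the File:: / Registry:: form shown above, as an added example in Python that is not part of ComboFix or of the thread. It scans the "Files Creati" section for executables and data files dropped directly into C:\WINDOWS or C:\WINDOWS\system32, pairs any Browser Helper Object key with a DLL registered from system32, and renders the candidates in CFScript syntax. The selection rules (the extension lists and the system32 rule for BHOs) are assumptions, and the log fragment is constructed from lines of the log posted above; a person still confirms each line before the script is used.

```python
"""Build a CFScript candidate list from a ComboFix log.

Added example for this page, not a ComboFix feature and not code from the
thread. The heuristics are assumptions; the output is a list for a human to
confirm, which is the step the moderator did by hand above.
"""
import re

# Constructed sample, assembled from lines of the ComboFix log posted in this thread.
SAMPLE_COMBOFIX_LOG = r"""
((((((((((((((((((((((((( Files Creati Da 2008-05-04 al 2008-06-04 )))))))))))))))))))))))))))))))))))
.

2008-06-04 07:19 . 2008-06-04 07:19 <DIR> d-------- C:\Programmi\Lavasoft
2008-06-04 06:52 . 2008-06-04 06:52 55,808 --a------ C:\WINDOWS\portsv.exe
2008-06-02 22:43 . 2008-06-02 22:43 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-23 16:30 . 2007-09-17 13:08 22,486 -rahs---- C:\WINDOWS\unins000.ico
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-15 22:45 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-07 21:27 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\003022_.tmp

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74D8B2E2-1EE2-4EA5-9CCE-55753F14CD62}]
C:\WINDOWS\system32\jkkHXqnO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-19 20:16 949376]
"""

# "<created> . <modified> <size or <DIR>> <9 attribute flags> <path>"
CREATED_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} '
    r'(?P<size><DIR>|[\d,]+) (?P<attr>\S{9}) (?P<path>.+)$')
# BHO registration header; the DLL path follows on the next line
BHO_RE = re.compile(
    r'^\[(?P<key>HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\})\]$')
# Assumed review rules: code or scratch files directly in the Windows root,
# and non-code data files dropped into system32.
WINROOT_FILE_RE = re.compile(r'^C:\\WINDOWS\\[^\\]+\.(?:exe|dll|tmp|bin|dat)$', re.IGNORECASE)
SYS32_DATA_RE = re.compile(r'^C:\\WINDOWS\\system32\\[^\\]+\.(?:tmp|bin|dat)$', re.IGNORECASE)
SYS32_DLL_RE = re.compile(r'^C:\\WINDOWS\\system32\\[^\\]+\.dll$', re.IGNORECASE)


def suspicious_created_files(log_text):
    """Paths from the 'Files Creati' section that match the review rules, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m['size'] == '<DIR>':
            continue
        if WINROOT_FILE_RE.match(m['path']) or SYS32_DATA_RE.match(m['path']):
            hits.append(m['path'])
    return hits


def suspicious_bhos(log_text):
    """(registry key, dll path) pairs for BHOs whose DLL was registered from system32."""
    lines = [l.strip() for l in log_text.splitlines()]
    hits = []
    for i, line in enumerate(lines[:-1]):
        m = BHO_RE.match(line)
        if m and SYS32_DLL_RE.match(lines[i + 1]):
            hits.append((m['key'], lines[i + 1]))
    return hits


def build_cfscript(log_text):
    """Render the candidates in the File:: / Registry:: syntax used in the thread."""
    files = suspicious_created_files(log_text)
    bhos = suspicious_bhos(log_text)
    files += [dll for _, dll in bhos]
    out = ['File::'] + files + ['', 'Registry::'] + ['[-%s]' % key for key, _ in bhos]
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    print(build_cfscript(SAMPLE_COMBOFIX_LOG), end='')
```

On the sample this reproduces the four File:: lines and the one Registry:: line of the moderator's script, in the same order, while leaving unins000.ico, lsdelete.exe (Lavasoft's own) and d3dx9_36.dll (DirectX) alone; that is why the rules are limited to the Windows root and to non-code files in system32 rather than flagging every new file.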

Re: Information on whether I'm infected

Post by gringo » 04/06/08 13:43

ComboFix 08-06-03.1 - Salvatore 2008-06-04 14.29.38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.528 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Salvatore\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Salvatore\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\003022_.tmp
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\jkkHXqnO.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\003022_.tmp
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\6141\28008.dll
C:\WINDOWS\system32\attfd42.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\win32t4.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Creati Da 2008-05-04 al 2008-06-04 )))))))))))))))))))))))))))))))))))
.

2008-06-04 10:37 . 2008-06-04 14:31 <DIR> d-------- C:\WINDOWS\system32\6141
2008-06-04 10:05 . 2008-06-04 10:05 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-06-04 07:19 . 2008-06-04 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-04 06:52 . 2008-06-04 08:13 <DIR> d-------- C:\WINDOWS\system32\2830
2008-06-02 22:44 . 2008-06-02 22:48 <DIR> d-------- C:\Documents and Settings\Salvatore\Dati applicazioni\uTorrent
2008-06-02 22:43 . 2008-06-02 22:44 <DIR> d-------- C:\Programmi\uTorrent
2008-06-02 22:43 . 2008-06-02 22:43 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-06-02 22:43 . 2008-06-02 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-06-02 22:23 . 2008-06-02 22:23 <DIR> d-------- C:\Programmi\Yahoo!
2008-06-01 07:52 . 2008-06-01 07:52 <DIR> d-------- C:\Programmi\Fox
2008-05-23 16:30 . 2007-09-17 13:08 22,486 -rahs---- C:\WINDOWS\unins000.ico
2008-05-18 08:59 . 2008-05-23 15:43 <DIR> d-------- C:\Programmi\Windows Desktop Search
2008-05-16 10:01 . 2008-05-16 10:01 <DIR> d-------- C:\Documents and Settings\Salvatore\Dati applicazioni\Sierra Entertainment
2008-05-15 22:45 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-15 22:45 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-15 22:45 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-15 22:45 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-15 14:40 . 2008-05-16 06:06 <DIR> d-------- C:\Programmi\Google
2008-05-11 12:53 . 2008-05-23 15:51 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-05-09 22:58 . 2008-05-09 22:58 <DIR> d-------- C:\Programmi\CCleaner
2008-05-07 21:30 . 2008-05-07 21:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 19:09 . 2008-05-07 21:22 <DIR> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 12:33 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\VMware
2008-06-04 12:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VMware
2008-06-04 08:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-04 08:01 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-06-03 16:55 --------- d-----w C:\Programmi\eMule
2008-06-02 20:46 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Azureus
2008-06-02 15:36 --------- d-----w C:\Programmi\PopCap Games
2008-06-02 05:15 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-31 05:25 --------- d-----w C:\Programmi\DivX
2008-05-25 21:10 --------- d-----w C:\Programmi\TuneUp Utilities 2008
2008-05-15 01:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-13 12:22 --------- d-----w C:\Programmi\Alawar
2008-05-12 14:11 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-11 05:47 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Winamp
2008-05-02 05:41 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\dvdcss
2008-05-01 09:52 --------- d-----w C:\Programmi\Microsoft Games
2008-04-29 19:10 --------- d-----w C:\Programmi\Azureus
2008-04-25 14:29 --------- d-----w C:\Programmi\Sierra On-Line
2008-04-19 06:24 --------- d--h--w C:\Programmi\FX Uninstall Information
2008-04-18 11:58 --------- d-----w C:\Programmi\Winamp
2008-04-17 05:51 --------- d-----w C:\Programmi\BoontyGames
2008-04-17 05:49 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-04-17 05:49 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-04-17 05:49 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2008-04-17 05:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Macrovision
2008-04-16 10:02 --------- d-----w C:\Programmi\Opera
2008-04-15 06:57 --------- d-----w C:\Programmi\Bud Redhead
2008-04-14 21:24 --------- d-----w C:\Programmi\Auslogics
2008-04-14 21:24 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Auslogics
2008-04-13 17:13 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-13 16:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 16:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 16:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 16:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 16:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 16:54 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 16:53 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-13 16:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 16:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 16:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 16:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:51 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:50 25,728 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:49 58,368 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:49 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:49 273,664 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:48 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:48 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:48 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:48 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:48 327,168 ----a-w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 16:47 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:47 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:47 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 09:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 09:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 09:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 09:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 09:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 09:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 09:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 09:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 09:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 09:56 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 09:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 09:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 09:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 09:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 09:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-04-13 09:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 09:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 09:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_ 9.16.10.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 07:08:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 12:33:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-04 06:15:44 62,222 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-04 07:13:28 62,222 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-04 06:15:44 83,156 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-06-04 07:13:28 83,156 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-06-04 06:15:44 403,728 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-04 07:13:28 403,728 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-04 06:15:44 473,440 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-04 07:13:29 473,440 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-04 12:33:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_164.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate/default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SpeedTouch USB Diagnostics"="C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 07:59 878080]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-19 20:16 949376]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-12 23:48 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:14]
R3 Ltn_stk7070P;PCTV based TV tuner device;C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
R3 Ltn_stkrc;PCTV Infrared Receiver;C:\WINDOWS\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]
S2 netpker;netpker;C:\WINDOWS\svchost.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-01 23:55]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1039b716-e04d-11dc-9bad-0090d0d21e99}]
\Shell\AutoRun\command - K:\mystv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c68b7c2-feee-11dc-ae23-0090d0d21e99}]
\Shell\AutoRun\command - L:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 12:16:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 14:33:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\ESET\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
.
**************************************************************************
.
Scan finished: 2008-06-04 14:41:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 12:41:16
ComboFix2.txt 2008-06-04 07:16:24

12 Directories 220,606,033,920 bytes free
17 Directories 220,603,310,080 bytes free

264 --- E O F --- 2008-05-23 13:52:00
gringo
Senior User
Posts: 139
Joined: 08/09/06 21:12
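The ComboFix log posted above lists every registered service with its image path, plus the per-drive MountPoints2 AutoRun commands. A helper volunteer reads those two sections by hand; the script below, an added example that is not part of the thread or of ComboFix, does the same two checks mechanically over the lines copied from the log. It flags (1) a service whose image name is a core Windows binary but whose directory is not the one it normally lives in on XP (%SystemRoot%\system32, which is where the HijackThis part of this thread shows the real svchost.exe running from), including the case where ComboFix printed an empty `[]` because it could not stat the file, and (2) any AutoRun command tied to a mounted drive letter. The expected-directory table and the `Finding` type are assumptions made for this example; a flag means "look at this file", not "the machine is infected", and that decision still belongs to whoever reads the full log.

```python
"""Triage the service and MountPoints2 sections of a ComboFix log.

Added example, not code from ComboFix or from the forum thread. It
parses the `R?`/`S?` service lines and the `\Shell\AutoRun\command`
entries, then applies two review checks. The sample text below is
copied from the posted log; everything else is an assumption made
for this example.
"""
import re
from dataclasses import dataclass

# Constructed sample: the service and MountPoints2 lines from the posted log.
SAMPLE_LOG = r"""
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:14]
R3 Ltn_stk7070P;PCTV based TV tuner device;C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
S2 netpker;netpker;C:\WINDOWS\svchost.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-01 23:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1039b716-e04d-11dc-9bad-0090d0d21e99}]
\Shell\AutoRun\command - K:\mystv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c68b7c2-feee-11dc-ae23-0090d0d21e99}]
\Shell\AutoRun\command - L:\setupSNK.exe
"""

# Assumption for this example: on Windows XP these binaries live only in
# %SystemRoot%\system32, so a same-named file elsewhere deserves a look.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
}

# "R2 name;display name;C:\path\image.exe [yyyy-mm-dd hh:mm]"  (stamp may be empty)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
# "\Shell\AutoRun\command - K:\something.exe"
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+?)\s*$")


@dataclass
class Finding:
    kind: str      # "service" or "autorun"
    subject: str   # service name or drive letter
    path: str
    reason: str


def parse_services(text):
    """Return one dict (state, name, display, path, stamp) per service line."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def parse_autoruns(text):
    """Return the command string of every MountPoints2 AutoRun entry."""
    return [m.group("cmd") for line in text.splitlines()
            if (m := AUTORUN_RE.match(line.strip()))]


def check_services(services):
    """Flag core-binary names outside their expected directory, and missing stamps."""
    findings = []
    for s in services:
        path = s["path"]
        directory, _, image = path.lower().rpartition("\\")
        expected = EXPECTED_DIR.get(image)
        if expected and directory != expected:
            findings.append(Finding("service", s["name"], path,
                                    f"{image} expected in {expected}, found in {directory}"))
        if s["stamp"] == "":  # ComboFix prints [] when it cannot stat the file
            findings.append(Finding("service", s["name"], path,
                                    "no file timestamp (file missing or unreadable)"))
    return findings


def check_autoruns(cmds):
    """Every AutoRun command bound to a drive letter is worth reviewing."""
    return [Finding("autorun", cmd[:2], cmd, "AutoRun command on a mounted drive")
            for cmd in cmds]


def triage(text):
    """Run both checks over a ComboFix log excerpt and return the findings."""
    return check_services(parse_services(text)) + check_autoruns(parse_autoruns(text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.path} -> {f.reason}")
```

Run on the posted lines it reports the `netpker` service twice (wrong directory for an `svchost.exe` image, and no file timestamp) and the two drive AutoRun entries; the TuneUp and PCTV services pass both checks. To use it on a full log, paste the whole file into `SAMPLE_LOG` or read it from disk; lines that do not match either pattern are ignored.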

Re: information on whether I'm infected

Post by Luke57 » 04/06/08 17:13

Hi, it looks clean now.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: information on whether I'm infected

Post by gringo » 04/06/08 17:34

OK, thanks. I'd like to return the favour, but from what I can see it's impossible for me to reach your level. Bye, and have a good day.